Metadata-Version: 2.1
Name: mozfederatedpolicybuilder
Version: 0.0.1
Summary: Tool to create an AWS IAM Role with a federated policy allowing users to login with Single Sign On
Home-page: https://github.com/mozilla-iam/mozfederatedpolicybuilder
Author: Gene Wood
Author-email: gene_wood@cementhorizon.com
License: UNKNOWN
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)
Classifier: Operating System :: OS Independent
Classifier: Topic :: Software Development :: Code Generators
Description-Content-Type: text/markdown
Requires-Dist: PyYAML
Provides-Extra: test
Requires-Dist: pytest ; extra == 'test'
Requires-Dist: pytest-clarity ; extra == 'test'
Requires-Dist: pytest-cov ; extra == 'test'
Requires-Dist: mock ; (python_version < "3.3") and extra == 'test'

# mozfederatedpolicybuilder

The Mozilla federated policy builder helps craft AWS IAM Roles that permit users
to assume those roles using a federated identity.

## Installation

```
pip install mozfederatedpolicybuilder
```

## Usage

```
mozfederatedpolicybuilder
```

You'll be prompted to choose what type of output you want

```
Policy format options :
* c/cloudformation : A YAML CloudFormation template which provisions a
    federated IAM role
* j/json-cloudformation : A JSON CloudFormation template which provisions a
    federated IAM role
* a/awscli : An AWS CLI command line command which creates a federated IAM role
* p/policy : The JSON trust relationship portion of the IAM policy (this can be
    copy pasted into the web console)

What format would you like the policy returned in? (c/cloudformation / a/awscli / j/json)
```

Select an output type. You'll be prompted for the groups you want to grant access

```
User groups can be granted access to the federated IAM role.
* Supported : Allow users in the group foo to assume the IAM role : "foo"
* Supported : Allow users in the group foo as well as users in the group bar to
    assume the IAM role : "foo,bar"
* Supported : Allow users in any group that begins with "foo_" : "foo_*"
What groups would you like to grant access to this role?
```

You'll next be prompted for the name of the AWS IAM Role

```
What name would you like for the AWS IAM Role?
```

Finally the tool will return the policy details in the format you've requested


